Blog

I didn’t attend any AWS re:Invent or re:Inforce conferences to date; however, I never missed any AWS re:Invent Security Announcements! Even this year I watched the re:Invent sessions and keynotes while relaxing at home with some popcorn and drinks Read more…

Hi all, in this post we will discuss the various AWS reconnaissance tools used to recon and exploit AWS cloud accounts. Let’s first look at the reasons credentials get exposed: vulnerabilities in AWS-hosted applications like SSRF Read more…

What is PacBot? PacBot is Policy as Code Bot, a tool from T-Mobile that does continuous compliance monitoring, compliance reporting and security automation for AWS (as of the date I am writing this post). In PacBot, security and compliance policies are implemented as Read more…

What is CloudTrail and how can it be disrupted? With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made via the AWS Management Console, the Read more…

Shifting strategy from DevOps to DevSecOps An introduction to DevSecOps and the strategy for implementing DevSecOps culture is presented by Setu Parimi on 29th July 2018. It’s a session focussed on a high-level overview of DevSecOps which will be followed by Read more…

Introduction CloudSploit is an AWS compliance, security and configuration monitoring scanner which is the first of its kind. It is an open source project designed to detect security risks in AWS. The CloudSploit Scans is built on NodeJS script which works Read more…

What is AWS Post exploitation? Post exploitation is required when you’ve successfully compromised a particular target. The purpose of the AWS Post Exploitation phase is to determine the value of the account compromised and to maintain control of the account for Read more…

AWS Security Automation Security automation is the automatic handling of a task in a script or machine based security application that would otherwise be done manually by a cybersecurity professional. AWS Security Automation is automating your AWS testing tasks like Read more…

Introduction Nimbostratus is a tool developed by Andres Riancho for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus uses any application level HTTP proxy vulnerability to enumerate the instance and credentials from the metadata service which is available to all the Read more…

Introduction In this article, we will be talking about Cloud Custodian, an open source rules engine for fleet management in AWS. The simple YAML DSL allows you to easily define rules to enable a well-managed cloud infrastructure, that’s both secure Read more…